Attribute-Based Access Control (ABAC)

Definition - What does Attribute-Based Access Control (ABAC) mean?

Attribute-based access control (ABAC) is a different approach to access control in which access rights are granted through the use of policies made up of attributes working together. ABAC uses attributes as the building blocks to define access control rules and access requests. This is done through a structured language called the eXtensible Access Control Markup Language (XACML), which is as easy to read or write as a natural language.

Techopedia explains Attribute-Based Access Control (ABAC)

In an attribute-based access control system, any type of attribute such as user attributes and resource attributes are used to determine access. These attributes are compared to defined static values or even to other attributes, which turns it into a relation-based access control. Attributes come in key-value pairs such as "Role=Supervisor," which can be used to limit access to a certain feature of a system. In this case only users with the designation of supervisor or higher can be given access to that feature or system.

In an ABAC system, rules are written using XACML. For example, a rule could state:

"Permit managers to access financial data provided they are from finance department."

This would allow users with attributes of Role=Manager and Department=Finance to access data with the attributes of Category=Financial. This leaves other types of users from even getting to the login screen and preventing certain types of attacks like brute force and library attacks.